Understanding Nuances of Privacy and Security in the Context of Information Systems

The concepts of privacy and security are interrelated but the underlying meanings behind them may vary across different contexts. As information technology is becoming integrated in our lives, emerging information privacy and security issues have been catching both scholars’ and practitioners’ attention with the aim to address these issues. Examples of such issues include users’ role in information security breaches, online information disclosure and its impact on information privacy, and the collection and use of electronic data for surveillance. These issues are associated with and can be explained by various disciplines, such as psychology, law, business, economics, and information systems. This diversity of disciplines leads to an inclusive approach that subsumes interrelated constructs, such as security, anonymity, and surveillance, as a part of privacy in the current literature. However, privacy and security are distinct concepts. In this paper, we argue that to better understand the role of human factors in the context of information privacy and security, these two concepts need to be examined independently. We examine the two concepts and systematically present various nuances of information privacy and security

Smart labs and social practice: social tools for pervasive laboratory workspaces: a position paper

The emergence of pervasive and ubiquitous computing stimulates a view of future work environments where sharing of information, data and knowledge is easy and commonplace, particularly in highly interactive settings. Much of the work in this area focuses on tool development to support activities such as data collection, data recording and sharing, and so on. We are interested in this kind of technical development, which is both challenging and essential for science communities. But we are also interested in a broader interpretation of knowledge sharing and the human/social side of tools we develop to support this. We are keen to know more about how groups of different kinds of scientists can make their work understandable and shareable with each other in a multidisciplinary setting. This is a complex task because boundaries and barriers can emerge between disciplines engendered by differences in discourses and practices, which may not easily translate into other discipline areas. In the worst case, there may be some hostility between disciplines, or at least doubt and scepticism. Nevertheless, sharing approaches to research, research expertise, data and methods across disciplines can be a very fruitful exercise, and encouragement to engage in this activity is particularly pertinent in the digital era. Issues of privacy and security are also key aspects – knowing when and how to release data or information to other groups is crucial to providing a safe environment for people to work, and there are several sensitivities to be explored here. In this paper we describe an evolving situation that captures many of these issues, which we aim to track longitudinally

Alignment of Coursework with Knowledge Requirements: A Textbook Content Analysis

Every information systems professional has a role to play in security. Analysts must consider security in their analyses and designs; programmers think through logic flaws that create vulnerabilities; and database managers need to provide appropriate access without exposing sensitive information to bad actors. Other disciplines also recognize the importance of employees having a respect for security and a broad understanding of concepts that enable it. Universities prepare students for careers across different domains; and the increasingly important formation of security knowledge falls to IS faculty. This study first examines relevant job postings to determine the knowledge, skills, and abilities most sought after by employers; then uses those results in a content analysis of current information security textbooks to indicate the degree to which employer-demanded concepts are covered in university-deployed teaching materials. The overall results of this study found that coverage of terms associated with security knowledge areas demanded by the marketplace is mixed among six leading textbooks, ranging from near complete coverage to just over half of the topics

WLCG Security Operations Centres Working Group

Security monitoring is an area of considerable interest for sites in the Worldwide LHC Computing Grid (WLCG), particularly as we move as a community towards the use of a growing range of computing models and facilities. There is an increasingly large set of tools available for these purposes, many of which work in concert and use concepts drawn from the use of analytics for Big Data. The integration of these tools into what is commonly called a Security Operations Centre (SOC), however, can be a complex task - the open source project Apache Metron (which at the time of writing is in incubator stage and is an evolution of the earlier OpenSOC project) is a popular example of one such integration. At the same time, the necessary scope and rollout of such tools can vary widely for sites of different sizes and topologies. Nevertheless, the use of such platforms could be critical for security in modern Grid and Cloud sites across all scientific disciplines. In parallel, the use and need for threat intelligence sharing is at a key stage and is an important component of a SOC. Grid and Cloud security is a global endeavour - modern threats can affect the entire community, and trust between sites is of utmost importance. Threat intelligence sharing platforms are a vital component to building this trust as well as propagating useful threat data. The MISP software (Malware Information Sharing Platform) is a very popular and exible tool for this purpose, in use at a wide range of organizations in different domains across the world. In this context we present the work of the WLCG Security Operations Centres Work- ing Group, which was created to coordinate activities in these areas across the WLCG. The mandate of this group includes the development of a scalable SOC reference design applicable for a range of sites by examining current and prospective SOC projects & tools. In particular we report on the first work on the deployment of MISP and the Bro Intru- sion Detection System at a number of WLCG sites as SOC components, including areas of integration between these tools. We also report on our future roadmap and framework, which includes the Apache Metron project

Asymmetric Information in the Labor Market, Immigrants and Contract Menu

Immigrant workers and their labor force participation in host countries have received critical attention in all concerned disciplines, principally owing to its strong implications for well-being of natives. The ageing population in many rich countries and several related and unrelated issues including global integration, pension provisions or security threats keeps immigration under continuous impact evaluation. However, of the several studies that dealt with patterns and consequences aspects of labor migration, only a handful discusses asymmetric information across transnational labor markets despite agreement that a standardized screening mechanism is unavailable. At the same time, several empirical studies show that immigrants are proportionally overrepresented in self-employment, vis-à-vis natives of equivalent skill levels. We try to explain this phenomenon based on asymmetric information in the host country labor market. We focus on the design of a contract menu by the employers, which when offered to a mixed cohort of immigrants facilitates self-selection in favor of paid employment or the outside option of self-employment/entrepreneurship. We also discuss countervailing incentives among the mixed cohort.immigrants, asymmetric information, labor contracts, self-employment, incentive compatibility

Intelligence And Public Health Threats

The acquisition, processing, and analysis of data about threats against public health have long been recognized as significant areas of work of intelligence operations aimed at protecting national security. Across modern states, public health has been securitized, with health facilities designated as critical infrastructure vital to national security. The organization of medical intelligence activities, particularly following the COVID-19 pandemic, has attracted the interest of experts representing a wide array of scientific disciplines. This paper attempts to highlight certain challenges inherent in establishing an intelligence community tasked with providing timely and relevant information regarding health threats, while also countering the dissemination of misinformation and alarming reports within the realm of public health

Interface, October 2003

As the School of Information Sciences begins its second year as a part of the College of Communication and Information, we continue to experience change, but perhaps not as much as we once expected. The planning we undertook to prepare for our transition into the College of Communication and Information has paid off handsomely. We are finding ways to share resources. We are making faculty contacts across disciplines. We are working together to build stronger graduate programs. We planned for these outcomes, and so despite all the change we’ve faced, we are still secure in our identity and our mission. We are not the same, but we are not diminished. And given our security, we again plan for an ambitious year

Verification of information flow security in cyber-physical systems

With a growing number of real-world applications that are dependent on computation, securing the information space has become a challenge. The security of information in such applications is often jeopardized by software and hardware failures, intervention of human subjects such as attackers, incorrect design specification and implementation, other social and natural causes. Since these applications are very diverse, often cutting across disciplines a generic approach to detect and mitigate these issues is missing. This dissertation addresses the fundamental problem of verifying information security in a class of real world applications of computation, the Cyber-physical systems (CPSs). One of the motivations for this work is the lack of a unified theory to specify and verify the complex interactions among various cyber and physical processes within a CPS. Security of a system is fundamentally characterized by the way information flows within the system. Information flow within a CPS is dependent on the physical response of the system and associated cyber control. While formal techniques of verifying cyber security exist, they are not directly applicable to CPSs due to their inherent complexity and diversity. This Ph.D. research primarily focuses on developing a uniform framework using formal tools of process algebras to verify security properties in CPSs. The merits in adopting such an approach for CPS analyses are three fold- i) the physical and continuous aspects and the complex CPS interactions can be modeled in a unified way, and ii) the problem of verifying security properties can be reduced to the problem of establishing suitable equivalences among the processes, and iii) adversarial behavior and security properties can be developed using the features like compositionality and process equivalence offered by the process algebras --Abstract, page iii

On women, cyber-feminism and information security : assessing security threats by gender

Abstract: The continued rise in information security threats has created a sustained risk to the competitiveness of businesses using computerised technology, particularly in Africa. It is posited that employees are the weakest link to the security of information systems across African businesses. The persistent affirmative campaigns in the fields of science, technology, engineering, and mathematics (STEM) has seen a steady rise of women employees entering the Information Technology (IT) industry. On one hand, this has presented new opportunities for women to play a more meaningful and significant contribution to IT in the advent of cyberfeminism. On the other hand, women now constitute great risk to the security of information systems. This emergent trend in Africa challenges the traditional paradigms where men accounted for higher percentages of sophisticated use of and threat to IT systems. The study applied the descriptive research design to describe the level of efficacy presented by women working in South African organisations. The intention was neither to formulate nor to test any hypothesis, but to use descriptive statistics to understand women’s efficacy, and the potential insider threat women could pose. A total number of 155 closed-ended questionnaires were distributed to women and men working in businesses operating in South Africa. 150 responses were obtained. A computerised statistical analysis software was used to analyse data. Results show that while both women and men had a reasonable understanding of information security tenets, women were perceived to be more cautious regarding how they expressed this understanding. The work is of significance to those in business practice in Africa because of the understanding that men will no longer be seen as the primary malefactors for information security threats. The implication for this study is that as more women are encouraged to pursue STEM disciplines, they will equally become weak links to the security of information systems. It is theorised that gender will no longer be a factor in determining security threat

Building information modelling project decision support framework

Building Information Modelling (BIM) is an information technology [IT] enabled approach to managing design data in the AEC/FM (Architecture, Engineering and Construction/ Facilities Management) industry. BIM enables improved interdisciplinary collaboration across distributed teams, intelligent documentation and information retrieval, greater consistency in building data, better conflict detection and enhanced facilities management. Despite the apparent benefits the adoption of BIM in practice has been slow. Workshops with industry focus groups were conducted to identify the industry needs, concerns and expectations from participants who had implemented BIM or were BIM “ready”. Factors inhibiting BIM adoption include lack of training, low business incentives, perception of lack of rewards, technological concerns, industry fragmentation related to uneven ICT adoption practices, contractual matters and resistance to changing current work practice. Successful BIM usage depends on collective adoption of BIM across the different disciplines and support by the client. The relationship of current work practices to future BIM scenarios was identified as an important strategy as the participants believed that BIM cannot be efficiently used with traditional practices and methods. The key to successful implementation is to explore the extent to which current work practices must change. Currently there is a perception that all work practices and processes must adopt and change for effective usage of BIM. It is acknowledged that new roles and responsibilities are emerging and that different parties will lead BIM on different projects. A contingency based approach to the problem of implementation was taken which relies upon integration of BIM project champion, procurement strategy, team capability analysis, commercial software availability/applicability and phase decision making and event analysis. Organizations need to understand: (a) their own work processes and requirements; (b) the range of BIM applications available in the market and their capabilities (c) the potential benefits of different BIM applications and their roles in different phases of the project lifecycle, and (d) collective supply chain adoption capabilities. A framework is proposed to support organizations selection of BIM usage strategies that meet their project requirements. Case studies are being conducted to develop the framework. The results of the preliminary design management case study is presented for contractor led BIM specific to the design and construct procurement strategy